Private enterprise network incorporating digital subscriber lines

ABSTRACT

A private enterprise network system for secure nonencrypted data transmission between computers of an entity but not over the Internet or other public, global computer network. At least one of the computers is connected to a shared, private backbone via an xDSL system. The private enterprise network is adapted to provide secure data transmission to multiple entities over the shared, private backbone. Further, the addresses of the computers in the entity may be of any suitable IP space, and different entities may have addresses in the same IP space. The addresses of the data transmitted are translated by a translation system that changes the entity addresses to private addresses for routing through a switch and router array system that has entity dedicated channels based on the private addresses. After exiting the switch and router array system, the data moves through the translator again and the private address is translated back to the entity address and the data is transmitted to the desired computer.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] This invention relates to broad band access to globalcommunications systems and, more specifically, to secure privatenetworks.

[0003] 2. Description of the Related Art

[0004] In today's business world, being able to network in any sense ofthe word is of paramount importance. With the explosion of the Internetand emerging access broadband technologies, data networking inparticular has become almost imperative to the operations of allcompanies. Whether it is business-to-business communications, satelliteoffice to headquarters, or e-commerce, being able to network means beingable to do business in the 21 ^(st) century.

[0005] Traditionally, only the large companies, with budgets to match,could take part in data networking. Wide area networks, frame relay andleased lines became standard and due to the limited number of carriers,it was, and still is, a fairly expensive process. It also has theadvantage of a high level of security in transmitting data.

[0006] Businesses, and individuals, who do not have the resources toinstall or lease hardwired communications lines are concerned with thelack of security and privacy in using the Internet. Additionally,organizations today are faced with the growing requirements of managingcomplicated networks with increasing numbers of users, the demands ofenterprise and Internet-based applications, and providing secure accessto many types of users.

[0007] The recent emergence of lower cost and readily accessible broadband technologies has made it possible to include all types and sizes ofbusinesses at much more reasonable costs. However, the prior art broadband technologies as come with increased concerns for security andeconomic efficiency.

[0008] Technologies are present to meet this need for privatecommunications, including many variations of encryption. A VirtualPrivate Network (VPN) is one encryption solution to providing privacy toInternet communications. Referring now to FIG. 1, VPN 10 is anInternet-based encrypted tunnel 12 between two connected points, such ascomputer A 14 and computer B 16. The VPN client software 18 of computerA 14 takes the data 20 to be transmitted and produces encrypted data 22which is transmitted to an Internet gateway 24. The encrypted data 22 isthen sent to the public Internet 26 where the data 22 then makes manyhops through many carriers 28. The now Internet transmitted encrypteddata 30 is directed through another gateway 32 and to the computer B 16.The VPN software 34 for the computer B unencrypts the data 30 to producedata 36 for computer B.

[0009] However, VPN has limitations. VPN is married to thepublically-accessed Internet with all of its traffic and congestion andinherent slowdowns. VPN is also dependent on data encryption software onboth ends to maintain security, which adds significant overhead on thenetworking devices as well as impacting the efficiency of the connectionitself. Further, the much slower dial-up connections just do not workwell in a VPN scenario. Additionally, special VPN software is needed atan additional cost. Also, VPN is not suitable for data that cannot beencrypted, such as data comprising xrays or other medical scans.

[0010] What is needed is a cost-effective, secure and economicbroad-band access solution at a reasonable cost that can effectivelyaccommodate many users.

SUMMARY OF THE INVENTION

[0011] A novel and unique private enterprise network (PEN) has beendiscovered that economically and flexibly provides secure datatransmission between many types of users at many locations. PEN meshesone or more national networks together through the facilities ofmultiple carriers that results in a resilient, integrated platform whichdoes not engage with the public Internet. Further, PEN does not requirethe encryption or other special software, which is costly to purchaseand maintain.

[0012] PEN utilizes a private backbone to which are users are connectedvia digital subscriber lines (DSL). Thereby, PEN enables all datatraffic to move through a private and secure network and not acrosscongested and non-secure Internet access points. This results inaccelerated delivery through PEN such as e-mail, file transfers, andother internal traffic.

[0013] Additionally, aspects of PEN include providing secure datatransmission between two separate users or between a plurality of users.Further, aspects of PEN are easily converted to accommodate more or lessusers, creating an extremely flexible network.

[0014] In an aspect of PEN, the network architecture is based onbuilding an efficient data network ‘on top’ of major metropolitan fiberoptic interconnected points within class ‘A’ carriers. Another aspect ofPEN has centers that connect to the Internet through multiple, diverse,ultra-fast OC-x circuits that move gigabits of data per second.

[0015] In aspects of PEN, access to data is controlled. For example, inan aspect of PEN, specific users are enabled to or prohibited fromaccessing particular data available within PEN just as with a privatewide area network. In another aspect, users have restricted access orare prohibited access to the Internet through a mediated, proxy access.

[0016] In another aspect of the invention, PEN provides the benefits ofprivate network systems without the burden of network management,investment in Internet access, expensive hardware, and obsoleteequipment through management by a PEN provider.

[0017] In an aspect of the invention, a private enterprise networksystem for secure, nonencrypted data transmission between a firstcomputer and a second computer of an entity comprises first and seconduser equipment, a shared, private backbone, a translator system, aswitch and router system, and an xDSL system. The first user equipmentis connected to the first computer, the first user equipment beingadapted to receive data transmission from the first computer and to addan entity address to the data transmission that identifies the secondcomputer. The second user equipment is connected to the second computer,the second user equipment being adapted to receive data transmissionwith the entity address and direct the data transmission to the secondcomputer. The shared, private backbone is in functional communicationwith the first user equipment and the second user equipment and adaptedto be in functional communication with another entity's user equipment.The translator system is in functional communication with the privatebackbone and being adapted to receive the data transmission with theentity address via the shared, private backbone and translate the entityaddress into a private address. The switch and router array systemcomprises a plurality of entity dedicated channels, being in functionalcommunication with the translator system, and is adapted to receive theprivate address data transmission from the translator, direct theprivate address data transmission through an appropriate entitydedicated channel based on the private address, and return the privateaddress data transmission to the translator system, wherein thetranslator system translates the private address of the datatransmission into the entity address and directs the data transmissionto the shared, private backbone for transmission to the second userequipment. The xDSL system is between the first user equipment and theshared, private backbone or the second user equipment and the shared,private backbone.

[0018] In a further aspect of the invention, the first and second userequipment comprises a router, bridge, or modem

[0019] In a further aspect of the invention, the switch and router arraysystem comprises a universal access concentrator.

[0020] In a further aspect of the invention, the switch and router arraysystem is enabled to handle media translation, security policies,circuit aggregation, or Intranet routing.

[0021] In a further aspect of the invention, the translator system andthe switch and router system is combined into a single system.

[0022] In a further aspect of the invention, both first and second userequipment is connected to the shared, private backbone by xDSL systems.

[0023] In a further aspect of the invention, the entity has a pluralityof computers and user equipment.

[0024] In a further aspect of the invention, the switch and router arraysystem is enabled to restrict transmission of all data between the firstcomputer and the second computer or previously identified data betweenthe first and second computer.

[0025] In a further aspect of the invention, a core asynchronoustransfer mode switch is between the shared, private backbone and thetranslator system.

[0026] In a further aspect of the invention, a network addresstranslation and proxy system is in functional communication with theshared, private backbone and with a public global computer system. In astill further aspect of the invention, the switch and router arraysystem is enabled to restrict transmission of all data from the publicglobal computer network or restricted data requested by a user of thefirst computer from the public global computer network.

[0027] In a further aspect of the invention, another entity is infunctional with the shared, private backbone.

[0028] In an aspect of the invention, a private enterprise networksystem installation process comprising the steps of:

[0029] identifying a first computer and second computer of an entitydesired to be connected such that secure, nonencrypted transmission ofdata occurs between a first computer and a second computer;

[0030] connecting first and second user equipment to the first andsecond computers, respectively, the first user equipment being adaptableto receive data transmission from the first computer and to add anentity address to the data transmission that identifies the secondcomputer, and the second user equipment connected to the secondcomputer, the second user equipment being adaptable to receive datatransmission with the entity address and direct the data transmission tothe second computer;

[0031] connecting the first and second user equipment to a shared,private backbone that is capable of being in functional communicationwith another entity's user equipment and is not publically accessible,wherein at least one of the first and second user equipment is connectedto the shared, private backbone via an xDSL system;

[0032] connecting a translator system to the private backbone, thetranslator system being adaptable to receive the data transmission withthe entity address via the shared, private backbone and translate theentity address into a private address; and

[0033] connecting a switch and router array system comprising aplurality of entity dedicated channels to the translator system, whereinthe switch and router system is adaptable to receive the private addressdata transmission from the translator, direct the private address datatransmission through an appropriate entity dedicated channel based onthe private address, and return the private address data transmission tothe translator system, wherein the translator system translates theprivate address of the data transmission into the entity address anddirects the data transmission to the shared, private backbone fortransmission to the second user equipment.

[0034] In an aspect of the invention, the number of the computers of theentity connected to the backbone changes.

BRIEF DESCRIPTION OF THE DRAWINGS

[0035]FIG. 1 is a schematic view of a virtual private network known inthe prior art.

[0036]FIG. 2 is a schematic view of a private enterprise networkaccording to an embodiment of the invention.

[0037]FIG. 3 is a schematic view of a three tiered model of a privateenterprise network according to an embodiment of the invention.

[0038]FIG. 4 is a schematic view of a private enterprise networkaccording to an embodiment of the invention.

[0039]FIG. 5 is a schematic view of a hybrid private enterprise networkaccording to an embodiment of the invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0040] Referring now to the figures, wherein like reference numeralsrefer to like elements throughout the figures, and referringspecifically to FIG. 2, in an embodiment of the invention, a privateenterprise network (PEN) 100 transmits data 102 between a computer A 104and a computer B 106 of an entity. The data 102 is transmitted securelyand it is not transmitted over the publically accessible Internet. As aresult, there is no need for encryption software in the computers A 104and B 106 as is required with the virtual private network of the priorart. An entity is something that exists as a particular and discreteunit, such as a corporation, partnership, individual, or organization,for a non-inclusive list of examples.

[0041] More specifically, the data 102 is directed from computer A 104to user equipment 108. In embodiments of the invention, the userequipment 108 is a router, bridge, or modem. The user equipment 108directs the transmitted data 102 through an xDSL connection 110 to aDSLAM 112. The data 102 is then directed to an asynchronous transfermode (ATM) switch 114. Next, the data 102 is directed into a shared,private backbone 116 through, preferentially, a single carrier. The data102 is then transmitted through an ATM switch 118 and a DSLAM 120associated with computer B 106. Next the data 102 is directed throughanother xDSL connection 124 to a user equipment 122 and into computer106.

[0042] The shared, private backbone 116 is any data transmission conduitthat does not include the Internet or any other public global computernetwork. The shared, private backbone 116 is comprised of two or moreprivate channels, each of which enables secure, private datatransmission there through for a plurality of entities. Each entitydesires secure, private data transmission without encryption of the dataand without requiring it's own, individual private backbone. The shared,private backbone may be owned or leased by a backbone administrator.Further, the shared, private backbone may be a combination ofowned/leased data transmission conduits that combined create a PEN thatextends geographically to all of the computers of the entity. In anembodiment of the invention, the private backbone architecture iscomprised of ATM private line circuits in a mixed copper and fiberenvironment. Other embodiments of the invention comprise other suitabledata transmission environments.

[0043] It is to be understood that xDSL means any appropriate DSLcommunication configuration. DSL, or Digital Subscriber Line, is one ofthe technologies used to achieve broadband speeds over ordinarytelephone lines. More specifically, DSL is a telecommunications servicethat enables a copper phone line loop to transmit data without having todial into the telephone line. In some forms of DSL, voice and datatraffic are on the same copper phone line loop.

[0044] Embodiments of the invention are not limited to currentlyavailable forms of DSL nor are the embodiments limited to currentlyavailable xDSL transmission speeds. xDSL connections include, but arenot limited to:

[0045] 1. IDSL (ISDN DSL) which uses ISDN provisioning and testing, andcan exist with analog and ISDN services. IDSL is limited to 144 kbpsupstream (to the user) and downstream (from the user), but can sometimesprovide further reach than other DSL solutions because it does not havethe same distance limitations.

[0046] 2. ADSL (Asymmetric DSL) which uses two different transmissionspeeds, with the downstream speed usually being much higher than theupstream speed. ADSL can achieve downstream speeds of 8 Mbps andupstream speeds to 1 Mbps.

[0047] 3. VDSL (Very High Speed DSL) which is anticipated to providedhigher speeds than ADSL but requires a shorter transmission distancebetween the User equipment and the DSLAM.

[0048] 4. RADSL (Rate Adaptive DSL) which modifies the data transmissionrate to match the quality of the phone line. Low quality phone linesintroduce ‘noise’ into the data transmission, which slows it down.Currently, with conditioned phone lines, RADSL provides downstreamtransmission rates of 7 Mbps downstream and 1 Mbps upstream.

[0049] 5. HDSL/SDSI (High Data Rate DSL/Symmetric DSL) which uses twostandard phone lines for 1.5 Mbps transmission speeds and offers thecapability to combine three phone lines for 2 Mbps speeds. HDSL and SDSLare intended as lower cost replacements for dedicated and fractional T-1lines.

[0050] xDSL connections provide a positive economic combination of costand performance for a wide range of applications. xDSL does not requirehardware and transmission line upgrades as it typically uses theavailable phone lines, providing the quality of the copper phone linesenables desired transmission speeds.

[0051] Referring now to FIG. 3, an embodiment of the invention, the PENutilizes a three-tiered model 200. The first tier, or the access layer202, comprises a plurality of computers and user equipment which isconnected to a larger, private shared network 206, which comprises theshared, private backbone discussed above in connection with FIG. 2. Theplurality of computers and user equipment is associated with a singleentity as shown.

[0052] Embodiments of the invention have one or more entities connectedto the network 206, with each entity having a plurality of computers anduser equipment. Further, each entity has entity addressing for datatransmission, but PEN 200 permits different entities to have computerswith the same addresses and still maintain data security. The entitiesuse the shared, private backbone for data transmission between computersbut the PEN 200 is designed such that computers only transmit databetween other computers of the same entity.

[0053] In an embodiment of the invention, the entity addresses are basedon RFC 1918 network numbering and as such supports any appropriate IPrange. In still further embodiments of the invention, PEN 200architecture assigns CIDR IP blocks as large a /8 to customers. Inanother embodiment of the invention, the IP space is independent of theInternet's addressing scheme and subnets are custom designed creatingprivate IP spaces that are not routable on the Internet, wherebysecurity of the data transmission in the private IP spaces is enhanced.In another embodiment of the invention, the PEN 200 layers publiclyroutable IP ranges and maintains desired security levels.

[0054] The second tier, or the distribution lay 208, receives data fromthe network 206 into an translator 209 and then to a universal accessconcentrator (UAC) 210 or other suitable array of switches and routers.

[0055] The translator 209 translates the entity addresses into privateaddresses for the data coming in from the network 206 before the dataenters the UAC 210. The private addresses enable the data to enter, movethrough, and exit the UAC 210 through an appropriate entity dedicatedchannel based on the private address. The data exiting the UAC 210 isdirected through the translator 209 and the translator translates theprivate addresses back to the entity addresses so that the data can bedirected through the shared, private backbone and to the desiredcomputer.

[0056] In an embodiment of the invention, there are multiple translatorsthat are in mutual communication such that their operations arecoordinated. One or more of the translators comprise a translatorsystem.

[0057] The UACs 210 handle media translation, security policies, circuitaggregation, and Intranet routing. In embodiments of the invention, thechannels in the UAC 210 are manually and/or automatically allocated toeach entity. The UAC 210 is designed such that only one entity uses achannel.

[0058] In embodiments of the invention, there are one or more UAC's,forming a UAC system or a switch and router array system. In embodimentsof the invention, the individual arrays of the switch and router arraysystem, or the individual UACs if that is the case, are connected via aVLAN system 212 or other suitable data transmission connection. In apreferred embodiment of the invention, the multiple UACs and translatorsare geographically dispersed about the network 206. In an embodiment ofthe invention, the translator system and the UAC system is combined intoa single translator/UAC system.

[0059] While embodiments of the invention may use any suitable protocolin the distribution layer 208, in a preferred embodiment of theinvention, the second tier protocols comprise ATM encapsulation asdefined by RFC 1483, frame relay as defined by RFC 2427, and HDLC asdefined by RFC 1662.

[0060] The third layer, or the core layer 214 is in connection with thedistribution layer 208 through a network address translation and proxysystem 216. In embodiments of the invention, the system 216 comprisesone or more suitable devices. The system 216 is Connected to an ATMswitch/router system 218 that enables access to the public Internet 220.In an embodiment of the invention, PEN 200 peers with network accesspoints, such as, but not limited to, the network access point serviceidentified as InterNAP.

[0061] In some embodiments of the invention, only the first two tiers,the access layer 202 and the distributer layer 208, are present as it isdesired that data transmission between only computers in the PEN isallowed.

[0062] For embodiments of the invention with third tiers 214 andInternet access, the Internet access is designed to protect PEN fromunwanted outside intrusions. Utilization of the RFC 1918 privatenumbering protocol prohibits Internet routing. However, Internet trafficis directed to one or more proxies that can track outbound requests,retrieve the requests for the originating machine, and pass the requeststo the requesting computer in the PEN. This ensures that the Internettraffic is one way and traffic originating from the Internet isinhibited from entering the first two tiers of the PEN.

[0063] In an embodiment of the invention, PEN architecture is designedaround a TCP/IP model, however other embodiments of the inventioninclude any suitable architecture utilizing other communicationprotocols, of which a non-exclusive list comprises SNA and SPX/IPX. In apreferred embodiment of the invention, the other communication protocolsrequire a bridge solution.

[0064] Still referring to FIG. 3, an example of data transmission in anembodiment of the invention follows. The user equipments 204 areconfigured with RFC 1918 private numbers. A data packet from one of theuser computers is encapsulated within ATM cells that become aggregatedat a DSLAM, which resides at a local telco central office. As the cellsleave the DSLAM, they are segregated within their own permanent virtualcircuit (PVC) and sent upstream over a larger pipe into the larger ATMnetwork 206. Each PVC is separately built with the distribution layer208 on dedicated sub-interfaces, channels, at which time private TCP/IPaddressing is established. The traffic is then routed to other approvedlocations, in which case the packets are broken down into ATM cells anddirected toward the destination PVC and to the designation DSL router.Upon arriving at the destination DSL router, the cells are reconstructedinto IP packets and directed to the other computer. In other words, thetransmission is entirely ATM and the distribution layer adds the IPnumbering to determine desired routing. The packets do not enter thepublic Internet with the IP numbering remaining private.

[0065] Embodiments of the invention are flexible enough to incorporateexisting private networks. Referring now to FIG. 4, an embodiment of theinvention comprises a PEN 300 that incorporates a privately routednetwork 302. It is shown that the privately routed network 302 comprisesa plurality of locations 304. The PEN 300 is designed and arranged suchthat data is transmitted through one or more xDSL systems 306 to a coreATM switch 308. The data transmission options from and to the core ATMswitch 308 include directing the data to a universal access concentrator310 and to an Internet access system 312. The Internet access system 312comprises a server system 314 for handling web, e-mail and DNSfunctions, a firewall array system 316, an integrated web and Internetproxy incorporated into a gateway 318 which permits secure access to theInternet 320. In a preferred embodiment of the invention, core ATMswitch 308, the universal access concentrator system 310, and thefirewall array system 316 are CISCO products.

[0066] Referring now to FIG. 5, in an embodiment of the invention, ahybrid PEN 400 incorporates an existing frame network 402 connecting afirst plurality of locations 404 with a second plurality of locations406. The frame network 402 is connected to a main location 408, such aheadquarters, via a T1 line 410. The second plurality of locations 406are in functional communication via xDSL systems 412 to distributionlayer 414. The distribution layer 414 is in communication with the mainlocation 408 via another T1 line 416. A router 418 with two DSU cards isutilized to direct data traffic between the existing frame network 402and the second plurality of locations 406. In a preferred embodiment ofthe invention, the router 418 is a CISCO brand system, but othersuitable devices for routing data traffic are used in other embodiments.

[0067] In the shown embodiment of the invention, access to the Internet420 is available only through the distribution layer 414 for all of thelocations 404 and 406 to enhance the security of the hybrid PEN 400.

[0068] Although presently preferred embodiments of the present inventionhave been described in detail hereinabove, it should be clearlyunderstood that many variations and/or modifications of the basicinventive concepts herein taught, which may appear to those skilled inthe pertinent art, will still fall within the spirit and scope of thepresent invention, as defined in the appended claims.

1. A private enterprise network system for secure, nonencrypted datatransmission between a first computer and a second computer of an entitycomprising: a first user equipment connected to the first computer, thefirst user equipment being adapted to receive data transmission from thefirst computer and to add an entity address to the data transmissionthat identifies the second computer; a second user equipment connectedto the second computer, the second user equipment being adapted toreceive data transmission with the entity address and direct the datatransmission to the second computer; a shared, private backbone infunctional communication with the first user equipment and the seconduser equipment and adapted to be in functional communication withanother entity's user equipment; a translator system in functionalcommunication with the private backbone and being adapted to receive thedata transmission with the entity address via the shared, privatebackbone and translate the entity address into a private address; aswitch and router array system comprising a plurality of entitydedicated channels, being in functional communication with thetranslator system, and being adapted to receive the private address datatransmission from the translator, direct the private address datatransmission through an appropriate entity dedicated channel based onthe private address, and return the private address data transmission tothe translator system, wherein the translator system translates theprivate address of the data transmission into the entity address anddirects the data transmission to the shared, private backbone fortransmission to the second user equipment; and an xDSL system betweenthe first user equipment and the shared, private backbone or the seconduser equipment and the shared, private backbone.
 2. The privateenterprise network system of claim 1, wherein: the first user equipmentcomprises a router, bridge, or modem; and the second user equipmentcomprises a router, bridge, or modem.
 3. The private enterprise networksystem of claim 1, wherein: the switch and router array system comprisesa universal access concentrator.
 4. The private enterprise networksystem of claim 1, wherein: the switch and router array system isenabled to handle media translation, security policies, circuitaggregation, or Intranet routing.
 5. The private enterprise networksystem of claim 1, wherein: the translator system and the switch androuter system is combined into a single system.
 6. The privateenterprise network system of claim 1, further comprising: another xDSLsystem, wherein the xDSL system is between the first user equipment andthe shared, private backbone and the another xDSL system is between thesecond user equipment and the shared, private backbone.
 7. The privateenterprise network system of claim 1, wherein: the entity has aplurality of computers and user equipment.
 8. The private enterprisenetwork system of claim 1, wherein: the switch and router array systemis enabled to restrict transmission of all data between the firstcomputer and the second computer or previously identified data betweenthe first and second computer.
 9. The private enterprise network systemof claim 1, further comprising: a core asynchronous transfer mode switchbetween the shared, private backbone and the translator system.
 10. Theprivate enterprise network system of claim 1, further comprising: anetwork address translation and proxy system in functional communicationwith the shared, private backbone and with a public global computersystem.
 11. The private enterprise network system of claim 10, wherein:the switch and router array system is enabled to restrict transmissionof all data from the public global computer network or restricted datarequested by a user of the first computer from the public globalcomputer network.
 12. The private enterprise network system of claim 11,wherein another entity is in functional with the shared, privatebackbone.
 13. A private enterprise network system installation processcomprising the steps of: identifying a first computer and secondcomputer of an entity desired to be connected such that secure,nonencrypted transmission of data occurs between a first computer and asecond computer; connecting first and second user equipment to the firstand second computers, respectively, the first user equipment beingadaptable to receive data transmission from the first computer and toadd an entity address to the data transmission that identifies thesecond computer, and the second user equipment connected to the secondcomputer, the second user equipment being adaptable to receive datatransmission with the entity address and direct the data transmission tothe second computer; connecting the first and second user equipment to ashared, private backbone that is capable of being in functionalcommunication with another entity's user equipment and is not publicallyaccessible, wherein at least one of the first and second user equipmentis connected to the shared, private backbone via an xDSL system;connecting a translator system to the private backbone, the translatorsystem being adaptable to receive the data transmission with the entityaddress via the shared, private backbone and translate the entityaddress into a private address; and connecting a switch and router arraysystem comprising a plurality of entity dedicated channels to thetranslator system, wherein the switch and router system is adaptable toreceive the private address data transmission from the translator,direct the private address data transmission through an appropriateentity dedicated channel based on the private address, and return theprivate address data transmission to the translator system, wherein thetranslator system translates the private address of the datatransmission into the entity address and directs the data transmissionto the shared, private backbone for transmission to the second userequipment.
 14. A private enterprise system modification processcomprising the steps of: providing the private enterprise network systemof claim 7, changing the number of the plurality of the computers in theprivate enterprise system.